Chrome users warned: Over 100 malicious extensions detected

Chrome browser users should exercise particular caution when installing extensions. Researchers from DomainTools identified over 100 malicious extensions that can steal users' data. Although Google has removed many of them, some are still available in the Chrome Web Store.

Malicious extensions often impersonate well-known brands like Fortinet or YouTube. Fake websites with "Add to Chrome" buttons direct users to malicious tools, increasing their credibility. These extensions can modify network traffic, steal cookies, and run JavaScript scripts.

Malicious extensions can function as a proxy server, allowing attackers to monitor users' browsing activity. They can also hijack accounts and steal personal data. This highlights the importance of thoroughly checking extensions before installation.

One example is the "fortivpn" extension, which steals cookies and modifies network traffic. Similar cases have been reported earlier, emphasizing the need for caution when installing new tools in the browser.

BleepingComputer provides several examples of extensions that should not be installed. Some of them impersonate popular tools like Flightradar24, the DeepSeek AI, and YouTube:

              
• youtube-vision[.]com and youtube-vision[.]world
• deepseek-ai[.]link
• calendlydaily[.]world, calendlydocker[.]com, calendly-director[.]com
• whale-alerts[.]org and whale-alert[.]life
• madgicxads[.]world and madgicx-plus[.]com
• similar-net[.]com
• workfront-plus[.]com
• flight-radar[.]life

To minimize risk, users should install extensions only from reputable publishers and read reviews from other users. This can help detect potential threats and avoid security issues.